Russenger Ransomware

Posted: February 21, 2018

Russenger Ransomware Description

The Russenger Ransomware is a file-locking Trojan that uses encryption to keep your files, such as documents, pictures, or archives, from opening. This threat's campaign is disguising its executable as accounting software and may attempt the installations via file-sharing networks or free software websites. Have your anti-malware programs delete the Russenger Ransomware as soon as they can, to reduce data loss to a minimum, and use your backups for recovering any locked files.

The Messenger with a Ransom for You

Russia-targeting Trojans are becoming a daily part of the file-locking Trojan industry, although most of these threats appear to attack random residents, instead of the networks of corporate, government or NGO entities. The Russenger Ransomware is another example of a Trojan using ransoming messages specific for that nation, although its developers may be from a different nationality, due to their linguistic errors. This Trojan's name is due to the 'Messenger' data found in its file data, although it doesn't pretend to be an instant messaging program of any kind.

Rather than being an 'IM' utility, the Russenger Ransomware is posing itself as being a product of the 1C Company, which is an entity noted for its video game and business productivity software. The program's main installer is a Windows executable of just over one megabyte, which makes it slightly larger than most file-locking Trojans of note to malware analysts. Some symptoms of any Russenger Ransomware infection include:

  • The Russenger Ransomware blocks different formats of media by using a not-yet-identified encryption method, such as AES-256 or RSA. The Russenger Ransomware appends '.messenger-%random%' extensions to their names (where 'random' is a randomized set of alphanumeric character that changes from name to name).
  • The Trojan also delivers a static text message asking the user to contact the threat actor's e-mail for paying to unlock the above files. The Russian language note includes some relatively obvious grammar issues and may be a byproduct of an automated translator.
  • Most of the Russenger Ransomware's payload is non-configurable, and malware researchers speculate that its admins are generating new executable variants of the Trojan for each series of attacks against any individual entity. This characteristic sets the Russenger Ransomware apart from most kinds of file-locking threats that include capabilities for generating details like the ID number of the 'customer' dynamically.

Sending Bad Messengers out the Door with Nothing

According to the information associated with its last samples, the Russenger Ransomware is more likely of circulating by the infection vectors most often notable for abetting the installation of fake or mislabeled software. Victims may compromise their PCs by installing 'accounting programs' from freeware sites, pirated content-promoting domains, or any file-sharing networks with few security standards, such as torrents. Once it launches, the Russenger Ransomware can lock your files without needing any further permission from any user.

Malware researchers are still determining the potential decryption solutions for the Russenger Ransomware, which may or may not leave you with any recoverable media. File-locking attacks always are best prevented beforehand, although users can keep backups for lowering any chance of data loss that's permanent. Since less than a dozen brands of professional anti-malware products are detecting this threat, emphasize should be placed on updating your PC's security software for helping it delete the Russenger Ransomware with as much accuracy as possible.

Russia's heritage within the threat industry is a unique one, but not one that grants it immunity from attacks by threat actors who reside elsewhere. Considering the average cost of a Trojan campaign's ransom, the price of the Russenger Ransomware's 'free' software is higher than one would hope.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Russenger Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Home Malware Programs Ransomware Russenger Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.